To ship data from Simple Log Service to MaxCompute by using a RAM role, grant data shipping permissions and shipping job management permissions to the role.
Overview
Data shipping from Simple Log Service to MaxCompute requires the following permissions:
-
Data read and write permissions: the permissions to read data from Simple Log Service logstores and write data to MaxCompute tables.
-
Shipping job management permissions: the permissions to create, delete, modify, and view MaxCompute data shipping jobs.
Permissions to read and write data
|
Operation |
Authorization method |
Description |
|
Configure permissions to read data from a logstore |
Allow Simple Log Service to assume AliyunLogDefaultRole to read data from the source logstore. |
|
|
Allow Simple Log Service to assume a custom RAM role to read data from the source logstore. |
||
|
Configure permissions to write data to MaxCompute |
Authorize the default role for MaxCompute (same-account shipping) |
Allow a MaxCompute data shipping job to assume AliyunLogDefaultRole to write data from a Simple Log Service logstore to a MaxCompute table. |
|
Allow a MaxCompute data shipping job to assume a custom RAM role to write data from a Simple Log Service logstore to a MaxCompute table. |
Permissions to manage data shipping jobs
Before RAM users can manage data shipping jobs, they must be authorized to do so. For more information, see Authorize a RAM user to manage MaxCompute delivery tasks.